Managing Embedded Service Provider Certificates; Managing Reverse Proxy And Web Server Certificates - Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual
Access gateway guide
Hide thumbs
Also See for ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010:
- Manual (374 pages) ,
- User manual (58 pages) ,
- Manual (30 pages)
Table of Contents
Advertisement
3.6.1 Managing Embedded Service Provider Certificates
The Access Gateway uses an Embedded Service Provider to communicate with the Identity Server.
The Service Provider Certificates page allows you to view the private keys, certificate authority
(CA) certificates, and certificate containers associated with this module. These keystores do not
contain the certificates that the Access Gateway uses for SSL connections to browsers or to back-
end Web servers.
To view or modify these certificates:
1 In the Administration Console, click Devices > Access Gateways > Edit > Service Provider
Certificates.
2 Configure the following:
Signing: The signing certificate keystore. Click this link to access the keystore and replace the
signing certificate as necessary. The signing certificate is used to sign the assertion or specific
parts of the assertion.
Trusted Roots: The trusted root certificate container for the CA certificates associated with the
Access Gateway. Click this link to access the trust store, where you can change the password or
add trusted roots to the container.
The Embedded Service Provider must trust the certificate of the Identity Server that the Access
Gateway has been configured to trust. The public certificate of the CA that generated the
Identity Server certificate must be in this trust store. If you configured the Identity Server to use
a certificate generated by a CA other than the Access Manager CA, you must add the public
certificate of this CA to the Trusted Roots store. To import this certificate, click Trusted Roots,
then in the Trusted Roots section, click Auto-Import From Server. Fill in the IP address or DNS
name of your Identity Server and its port, then click OK.
You can also auto import the Identity Server certificate by selecting the Auto-Import Identity
Server Configuration Trusted Root option on the Reverse Proxies / Authentication page (click
Devices > Access Gateways > Edit > Reverse Proxies / Authentication). With this option, you
do not need to specify the IP address and port of the Identity Server.
3 To save your changes to browser cache, click OK.
4 To apply your changes, click the Access Gateways link, then click Update > OK.
3.6.2 Managing Reverse Proxy and Web Server Certificates
You select Access Gateway certificates on two pages in the Administration Console:
Devices > Access Gateways > Edit > [Name of Reverse Proxy]
Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] >
Web Servers
When you configure certificates on these pages, you need to be aware that two phases are used to
push the certificates into active use.
Phase 1: When you select a certificate on one of these pages, then click OK, the certificate is placed
in the keystore on the Administration Console and it is pushed to the Access Gateway. The
certificate is available for use, but it is not used until you update the Access Gateway.
120 Novell Access Manager 3.1 SP2 Access Gateway Guide
Advertisement
Chapters
Table of Contents
Troubleshooting
